diff --git a/l1-contracts/contracts/bridge/UpgradeableBeaconDeployer.sol b/l1-contracts/contracts/bridge/UpgradeableBeaconDeployer.sol
index 77cbea23bb..93d813c6e3 100644
--- a/l1-contracts/contracts/bridge/UpgradeableBeaconDeployer.sol
+++ b/l1-contracts/contracts/bridge/UpgradeableBeaconDeployer.sol
@@ -5,6 +5,7 @@ pragma solidity 0.8.28;
 import {UpgradeableBeacon} from "@openzeppelin/contracts-v4/proxy/beacon/UpgradeableBeacon.sol";
 
 import {BridgedStandardERC20} from "./BridgedStandardERC20.sol";
+import {EmptyAddress} from "../common/L1ContractErrors.sol";
 
 /// @author Matter Labs
 /// @custom:security-contact security@matterlabs.dev
@@ -13,6 +14,10 @@ import {BridgedStandardERC20} from "./BridgedStandardERC20.sol";
 /// does not have to include BridgedStandardERC20 and UpgradeableBeacon and so can fit into the code size limit.
 contract UpgradeableBeaconDeployer {
     function deployUpgradeableBeacon(address _owner) external returns (address) {
+        if (_owner == address(0)) {
+            revert EmptyAddress();
+        }
+
         address l2StandardToken = address(new BridgedStandardERC20{salt: bytes32(0)}());
 
         UpgradeableBeacon tokenBeacon = new UpgradeableBeacon{salt: bytes32(0)}(l2StandardToken);
diff --git a/l1-contracts/contracts/bridgehub/L1ChainAssetHandler.sol b/l1-contracts/contracts/bridgehub/L1ChainAssetHandler.sol
index 8d9394879d..6d290f1caa 100644
--- a/l1-contracts/contracts/bridgehub/L1ChainAssetHandler.sol
+++ b/l1-contracts/contracts/bridgehub/L1ChainAssetHandler.sol
@@ -12,6 +12,7 @@ import {IL1AssetHandler} from "../bridge/interfaces/IL1AssetHandler.sol";
 import {IL1Bridgehub} from "./IL1Bridgehub.sol";
 import {IMessageRoot} from "./IMessageRoot.sol";
 import {IAssetRouterBase} from "../bridge/asset-router/IAssetRouterBase.sol";
+import {ChainIdMismatch} from "../common/L1ContractErrors.sol";
 
 /// @author Matter Labs
 /// @custom:security-contact security@matterlabs.dev
@@ -83,7 +84,6 @@ contract L1ChainAssetHandler is ChainAssetHandlerBase, IL1AssetHandler {
     /// @param _depositSender the address of the entity that initiated the deposit.
     // slither-disable-next-line locked-ether
     function bridgeRecoverFailedTransfer(
-        // solhint-disable-next-line no-unused-vars
         uint256 _chainId,
         bytes32 _assetId,
         address _depositSender,
@@ -91,6 +91,10 @@ contract L1ChainAssetHandler is ChainAssetHandlerBase, IL1AssetHandler {
     ) external payable override requireZeroValue(msg.value) onlyAssetRouter {
         BridgehubBurnCTMAssetData memory bridgehubBurnData = abi.decode(_data, (BridgehubBurnCTMAssetData));
 
+        if (_chainId != bridgehubBurnData.chainId) {
+            revert ChainIdMismatch();
+        }
+
         (address zkChain, address ctm) = IBridgehubBase(_bridgehub()).forwardedBridgeRecoverFailedTransfer(
             bridgehubBurnData.chainId
         );